Home page logo

bugtraq logo Bugtraq mailing list archives

Re: QPOPPER problem.... ONE crude patch...
From: marc () SNAFU ORG (Marco S Hyman)
Date: Sat, 27 Jun 1998 15:31:12 -0700

Daniel Ryde writes:
        vsnprintf(mp,sizeof(message)-(mp - message)-3,format,ap);

Dangerous, if the string is truncated it will skip the null termination,

This came up a while back.  Some versions of [v]snprintf copy
size - 1 characters into str and then null terminate.  Example: the
OpenBSD snprinf man page says:

     Snprintf(), vsnprintf(), asnprintf() and vasnprintf() will write at most
     size-1 of the characters printed into the output string (the size'th
     character then gets the terminating `\0'); if the return value is greater
     than or equal to the size argument, the string was too short and some of
     the printed characters were discarded.

It's possible that the author is using a system with the above semantics.
People patching the code must know what their [v]snprintf does.

// marc

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]